Microsoft Turns A Blind Eye To Phishing Scams On Xbox LIVE

By cwaltersOctober 6, 2009

William wrote to us this weekend to point out how little Microsoft does to fight phishing attacks on their hugely popular Xbox LIVE network. It’s unfortunate they don’t take this sort of crime more seriously, since so many kids—who by all rights should have less experience with phishing—are on Xbox LIVE. Below is what two different Xbox CSRs told William when he contacted them to complain about phishing attacks.

I get messages all the time over Xbox Live from people engaging in phishing scams. Thus far, I’ve been very annoyed because Microsoft seems completely unconcerned about it and their customer service has been very poor. I think of the people who fall for these scams and wonder why doesn’t Microsoft do more.

I spoke with a customer service rep and asked about the phishing scams, and he said to file a complaint on the person in-game, which had absolutely nothing to do with phishing. He suggested I select the option to report them for cheating in-game—does that make sense? I remarked how this was confusing and that there was no option to report phishing and he said that in the next update this fall, the option would be there. I’m pretty certain he was lying. He did say, though, that it was very hard to get an account back once it was stolen, something I don’t doubt he was being honest about.

Now today [October 4th, 2009], I got two messages from two different users, which are apparently audio clips of some little kid offering cheats and asking you to send a message back (during which he’ll ask for your account info and steal your account). It was strange because I got identical audio from two different accounts, meaning either that these phishers are very sophisticated or that there are a lot more phishers out there than I previously realized, because there’s this default phishing audio being spread around and re-used.

In the same time frame, I got another message from a different user with the same type of scam.

Frustrated with all the fraud going on, I called Xbox Live again to complain, to see if I could find some kind of fraud department, because I don’t think they take these things seriously. I was a bit belligerent (but respectful) with the customer service rep., but who can blame me? Again, she told me pretty much the same nonsense the guy before told me and more. Like he said, this woman told me the same: File a complaint on their gamertag (that’s their username in-game), go to the Xbox forums (where there’s no real support — just other gamers like me), and so on. She then said something even more ridiculous: She suggested that I make several accounts with Xbox and use all of them to file a complaint on the same person. As with the other gentleman’s remarks, I pointed how this was against the rules. It’s gaming the system. She said it wasn’t. I asked her why I should need several usernames to file a complaint and I told her I only pay for one account and that what she said didn’t make sense. It seemed like gaming the system. I asked if she was being honest with me, because she really didn’t seem like she was being honest because of how absurd it was. And then she hung up on me. Oh well.

How can Xbox not be concerned with all the fraud that goes on over their service? I’ve been thinking of calling Xbox Live and recording the phone conversation, then uploading it to Youtube. If I don’t do it, somebody else will… Heck, even you guys over at Consumerist ought to do it because the customer service reps. seem to say the most ridiculous things. They know how the system is being manipulated and instead of fixing it, they are telling other people to just manipulate it too.

If you look on the Xbox forums, you’ll see lots and lots of people complaining about “hacked” accounts and lack of support from Microsoft. Many of them either can’t afford a lawyer or don’t know they need one. So, many people apparently just pay for NEW ACCOUNTS on Xbox and Microsoft seems to be profiting from this phishing, which is… of course… the reason why they ignore it. Why stop people from scamming if it helps the bottom line?